[systemd-devel] How to completely clear journal?
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Wed Oct 2 13:06:16 PDT 2013
On Wed, Oct 02, 2013 at 02:42:55AM -0700, David Strauss wrote:
> On Wed, Oct 2, 2013 at 2:04 AM, Manuel Reimer
> <manuel.spam at nurfuerspam.de> wrote:
> > Another option seems to be to store a timestamp in memory and use --since.
> > Maybe this is even more error proof as a cursor could maybe get invalid if
> > the log really exceeds my 1M limit.
>
> If your cursor's invalid, that probably means you've missed some
> items. That might be worth knowing rather than silently handling. You
> can always fall back to fetching all if the cursor has rolled out of
> memory.
I'm pretty sure that if a cursor has rolled out of memory,
--after-cursor will still do the right thing, i.e. show all logs.
Timestamps are not as good, because of time jumps.
--show-cursor and --after-cursor were designed pretty much for this
usecase, so they *should* work for you, and if they don't, that's a
bug to fix. To make the approach explicit: the idea is that
you do 'journalctl --show-cursor', tee the output to gzip,
and also grep for '^-- cursor: ' and record the cursor and then
use it with --after-cursor in the next round.
Zbyszek
More information about the systemd-devel
mailing list